Date
1 - 20 of 34
[VOTE] In-toto for incubating
Richard Hartmann
+1 binding.
I still have some thoughts around overall velocity, but after talking
to h01ger off-list, I am confident in changing my vote.
The rest of this email is more about Debian than CNCF, feel free to skip.
On Tue, Feb 22, 2022 at 12:19 PM Lukas Puehringer
<lukas.puehringer@...> wrote:
so I missed this.
onto any claims re Debian doing/saying/being anything specific due to
how often it was used as a reference and not always in the best of
faith.
As a nit, shipping manpages with Linux packages would be preferable,
but I know a lot of projects don't. Ones I should probably be writing
manpages for myself included.
Thanks for the detailed responses from the in-toto crowd,
best,
Richard
I still have some thoughts around overall velocity, but after talking
to h01ger off-list, I am confident in changing my vote.
The rest of this email is more about Debian than CNCF, feel free to skip.
On Tue, Feb 22, 2022 at 12:19 PM Lukas Puehringer
<lukas.puehringer@...> wrote:
Regarding our relationship to Debian and Reproducible Builds, we’ve been regulars at Debconfs and RB Summits since the inception of the in-toto project (see e.g. [2], [3]), and quite a few in-toto related projects have benefited from our involvement with the community, most notably [4],[5],[6].Thanks for those. After leading DebConf15 I kinda burned out wrt them,
so I missed this.
It is true that I personally am not a Debian Developer, but I have worked together with the DD Holger Levsen in the past to prepare and upload the downstream releases.Totally fine; as you probably know, DDs take an _extremely_ close look
onto any claims re Debian doing/saying/being anything specific due to
how often it was used as a reference and not always in the best of
faith.
As a nit, shipping manpages with Linux packages would be preferable,
but I know a lot of projects don't. Ones I should probably be writing
manpages for myself included.
Thanks for the detailed responses from the in-toto crowd,
best,
Richard
Lukas Puehringer
Hi Richard,
toggle quoted message
Show quoted text
Thank you for the thorough review and detailed comments! And thanks for the nudge about the Debian releases, I just pushed an up-to-date downstream release to mentors [1].
Regarding our relationship to Debian and Reproducible Builds, we’ve been regulars at Debconfs and RB Summits since the inception of the in-toto project (see e.g. [2], [3]), and quite a few in-toto related projects have benefited from our involvement with the community, most notably [4],[5],[6].
It is true that I personally am not a Debian Developer, but I have worked together with the DD Holger Levsen in the past to prepare and upload the downstream releases.
And here is a link to the latest organization-wide “Roadmap review” document, which Santiago mentioned:
There is definitely more going on in the broader in-toto ecosystem, than in the reference implementation, due to the maturity the latter has reached [7].
Let me know if you have questions about any of the resources I shared. I’m happy to provide more details (also off-list).
Kind regards,
Lukas
On 18.02.2022, at 00:28, Richard Hartmann <richih@...> wrote:Thank you for the quick & detailed response.
Also, again, I am still getting up to speed with this new hat on.
On Thu, Feb 17, 2022 at 9:30 PM Santiago Torres Arias <santiago@...> wrote:Debian is not a company.
I'm somewhat sad to read this reaction, considering we're an open source
project that is *not* backed by a company (one of the few around here in
fact). Although there are other users/communities we work with, I wanted
to single out the long-standing work we've done with Debian dating back
to 2015.
Sorry, for being unclear; the DD doc referred to Debian as a company.
The rest was me trying to drill into what specific relationship
exists. It would still be good to bump the version shipped with
Debian, IMO.
apt-transport-in-toto[1] is current.Being a DD yourself, maybe you know Holger Levsen?
For two decades, yes; I reached out-of-band.https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_orgs_in-2Dtoto_people_h01ger&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=IXqqlBgFt8MDjOKLhVvdkC2L2NwXnIXeRE8H--GWGuXpFf2ggBSdJ7SspW2jC7Pq&s=CZW112ZmrIUmwEwbQ7tG0M4yqh6dleeJH77n6njy1OU&e=
That org membership is non-public and he's not listed in MAINTAINERS.Personally, I was surprised to see your positive attitude for
reproducible builds on another project's (which is good to see it
mentioned!) vote but glossed over the in-toto bits as part of the
effort
That wasn't mentioned in the the DD doc and I missed it when looking
through the repo; sorry.
To make it explicit: Any project building reproducibly gets extra
points for being serious in my book.(I'm don't bleieve there are other CNCF projects listed here):
https://urldefense.proofpoint.com/v2/url?u=https-3A__reproducible-2Dbuilds.org_who_projects_&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=IXqqlBgFt8MDjOKLhVvdkC2L2NwXnIXeRE8H--GWGuXpFf2ggBSdJ7SspW2jC7Pq&s=lOzyllhfiXlGdLz6oC4QMF_OtTPHfhcVSAoKtMLEQ1U&e=
With my Prometheus hat on, I have tried to get Prometheus onto that
list for years but didn't make huge progress.
With my Grafana hat on: Same.In a sense, yes, the Python implementation is being used in production,
so we are wary to do major overhauls. We have adopted the attitude to
use the golang implementation to test out new features and then port
them back to the python one.
Thanks; I was going from DD doc & homepage.
In absolute numbers, not relative contributions over time, the Go
version looks similar to the Python for the last 1-2 years. Is [2] the
correct repository to look at?I can also say that we had various degrees of developer turnover once
the pandemic started...
[...]
No, this has been a committment we've done and/or around version 1.0. We
have lagged a couple of times, I agree.
More than understandable; I know how it is. Public documentation
should manage expectations and arguably underpromise.Overall, yes. Not sure if you've seen the roadmap reviews. We have also
moved to a monthly community meeting time where we discuss ITE status
and vote to increase velocity. We're starting to see a lot of
implementations (e.g., witness) that are bringing up new features. As
usual, we're in a tightrope between ensuring everybody is heard in terms
of feature additions (so as to not overlap), and allow people to play
with things to see what works.
I didn't see them no. Do you have a direct link to an overview?I do appreciate your perspective. And I've be happy to answer questions
or rephrase answers as needed.
As the DD doc is done and voting period already ongoing, I am not sure
how much use it is to go back and change it. I am too new in my TOC
role to have any opinion on this.
For the moment, I still feel more comfortable with +0 but want to
emphasize that this is _not_ a -1.
Again, thanks for the quick & detailed reply,
best,
Richard
Richard Hartmann
Thank you for the quick & detailed response.
Also, again, I am still getting up to speed with this new hat on.
On Thu, Feb 17, 2022 at 9:30 PM Santiago Torres Arias <santiago@...> wrote:
The rest was me trying to drill into what specific relationship
exists. It would still be good to bump the version shipped with
Debian, IMO.
apt-transport-in-toto[1] is current.
through the repo; sorry.
To make it explicit: Any project building reproducibly gets extra
points for being serious in my book.
list for years but didn't make huge progress.
With my Grafana hat on: Same.
In absolute numbers, not relative contributions over time, the Go
version looks similar to the Python for the last 1-2 years. Is [2] the
correct repository to look at?
should manage expectations and arguably underpromise.
how much use it is to go back and change it. I am too new in my TOC
role to have any opinion on this.
For the moment, I still feel more comfortable with +0 but want to
emphasize that this is _not_ a -1.
Again, thanks for the quick & detailed reply,
best,
Richard
Also, again, I am still getting up to speed with this new hat on.
On Thu, Feb 17, 2022 at 9:30 PM Santiago Torres Arias <santiago@...> wrote:
Sorry, for being unclear; the DD doc referred to Debian as a company.Debian is not a company.I'm somewhat sad to read this reaction, considering we're an open source
project that is *not* backed by a company (one of the few around here in
fact). Although there are other users/communities we work with, I wanted
to single out the long-standing work we've done with Debian dating back
to 2015.
The rest was me trying to drill into what specific relationship
exists. It would still be good to bump the version shipped with
Debian, IMO.
apt-transport-in-toto[1] is current.
Being a DD yourself, maybe you know Holger Levsen?For two decades, yes; I reached out-of-band.
https://github.com/orgs/in-toto/people/h01gerThat org membership is non-public and he's not listed in MAINTAINERS.
Personally, I was surprised to see your positive attitude forThat wasn't mentioned in the the DD doc and I missed it when looking
reproducible builds on another project's (which is good to see it
mentioned!) vote but glossed over the in-toto bits as part of the
effort
through the repo; sorry.
To make it explicit: Any project building reproducibly gets extra
points for being serious in my book.
(I'm don't bleieve there are other CNCF projects listed here):With my Prometheus hat on, I have tried to get Prometheus onto that
https://reproducible-builds.org/who/projects/
list for years but didn't make huge progress.
With my Grafana hat on: Same.
In a sense, yes, the Python implementation is being used in production,Thanks; I was going from DD doc & homepage.
so we are wary to do major overhauls. We have adopted the attitude to
use the golang implementation to test out new features and then port
them back to the python one.
In absolute numbers, not relative contributions over time, the Go
version looks similar to the Python for the last 1-2 years. Is [2] the
correct repository to look at?
I can also say that we had various degrees of developer turnover onceMore than understandable; I know how it is. Public documentation
the pandemic started...
[...]
No, this has been a committment we've done and/or around version 1.0. We
have lagged a couple of times, I agree.
should manage expectations and arguably underpromise.
Overall, yes. Not sure if you've seen the roadmap reviews. We have alsoI didn't see them no. Do you have a direct link to an overview?
moved to a monthly community meeting time where we discuss ITE status
and vote to increase velocity. We're starting to see a lot of
implementations (e.g., witness) that are bringing up new features. As
usual, we're in a tightrope between ensuring everybody is heard in terms
of feature additions (so as to not overlap), and allow people to play
with things to see what works.
I do appreciate your perspective. And I've be happy to answer questionsAs the DD doc is done and voting period already ongoing, I am not sure
or rephrase answers as needed.
how much use it is to go back and change it. I am too new in my TOC
role to have any opinion on this.
For the moment, I still feel more comfortable with +0 but want to
emphasize that this is _not_ a -1.
Again, thanks for the quick & detailed reply,
best,
Richard
Brandon Lum
+1 nb
On Thu, Feb 17, 2022 at 3:54 PM Santiago Torres Arias <santiago@...> wrote:
Hi Richard.
> +0 binding
> Debian is not a company.
I'm somewhat sad to read this reaction, considering we're an open source
project that is *not* backed by a company (one of the few around here in
fact). Although there are other users/communities we work with, I wanted
to single out the long-standing work we've done with Debian dating back
to 2015.
> search[1] nor Debian Maintainer search[2]. In a section below, Debian
> was removed and replaced with "New York University". Not a blocker,
> but being a Debian Developer myself, I feel compelled to mention it.
> Debian packages[3][4] for in-toto are from 2021-03-12, skipping 1.1.0,
> 1.1.1, and the recent 1.2.0 releases[5].
Being a DD yourself, maybe you know Holger Levsen?
https://github.com/orgs/in-toto/people/h01ger
He's been coaching us in doing the packaging for the Debian ecosystem,
including a transport for APT[1]. Which I believe is also used by
QubesOS. It is also part of the reproducible builds project to check
cross-build reproducibility (see integration with rebuilderd).
https://reproducible.seal.purdue.wtf/
https://github.com/kpcyrd/rebuilderd
Naturally, it is hard for me to make a statement to what level Debian is
involved, without feeling like I'm putting words on people's mouths.
However, I do believe that members of the Debian community have always
been participating and helping us out (mostly as a part of a shared goal
of build reprodicubility, as it is crucial for software supply chain
security). Personally, I was surprised to see your positive attitude for
reproducible builds on another project's (which is good to see it
mentioned!) vote but glossed over the in-toto bits as part of the
effort (I'm don't bleieve there are other CNCF projects listed here):
https://reproducible-builds.org/who/projects/
> Commit history graph[6] shows a distinct slowdown starting 2020. Does
> this mean the project has reached/is approaching feature completeness?
In a sense, yes, the Python implementation is being used in production,
so we are wary to do major overhauls. We have adopted the attitude to
use the golang implementation to test out new features and then port
them back to the python one.
I can also say that we had various degrees of developer turnover once
the pandemic started...
> Is the "every 3 months release cadence" starting with 1.2.0?
No, this has been a committment we've done and/or around version 1.0. We
have lagged a couple of times, I agree.
> Recent PRs were largely janitorial and/or from bots[7]. Along similar
> lines, the three example PRs[8][9][10] are dated middle of last year.
> ... [snip]
> I know from my own DDs that velocity can be deceiving, and that it can
> also be compensated by extremely wide adoption.
This is true, I'm not entirely in control on velocity. Overall, we get
high fluctuation on it, depending on how features get approved, new
integrations pop up, etc. I wish I had a better answer to this.
> Is there a timeframe for Future Plans & ITEs[11]?
Overall, yes. Not sure if you've seen the roadmap reviews. We have also
moved to a monthly community meeting time where we discuss ITE status
and vote to increase velocity. We're starting to see a lot of
implementations (e.g., witness) that are bringing up new features. As
usual, we're in a tightrope between ensuring everybody is heard in terms
of feature additions (so as to not overlap), and allow people to play
with things to see what works.
> Yet, I do not currently get a strong feeling of high velocity nor of
> very wide adoption. At the same time, I realize I am very late to the
> game in this DD process. Having joined TOC just before a week of
> illness makes me the late-comer with questions & vote. I explicitly
> do not want to block anything with incomplete information.
> As such, my current vote is +0 as per above. Depending on answers, I
> would be happy to switch to +1.
I do appreciate your perspective. And I've be happy to answer questions
or rephrase answers as needed.
Cheers!
-Santiago
[1] https://packages.debian.org/sid/x32/utils/apt-transport-in-toto
On Thu, Feb 17, 2022 at 09:00:52PM +0100, Richard Hartmann wrote:
>
Santiago Torres Arias <santiago@...>
Hi Richard.
project that is *not* backed by a company (one of the few around here in
fact). Although there are other users/communities we work with, I wanted
to single out the long-standing work we've done with Debian dating back
to 2015.
https://github.com/orgs/in-toto/people/h01ger
He's been coaching us in doing the packaging for the Debian ecosystem,
including a transport for APT[1]. Which I believe is also used by
QubesOS. It is also part of the reproducible builds project to check
cross-build reproducibility (see integration with rebuilderd).
https://reproducible.seal.purdue.wtf/
https://github.com/kpcyrd/rebuilderd
Naturally, it is hard for me to make a statement to what level Debian is
involved, without feeling like I'm putting words on people's mouths.
However, I do believe that members of the Debian community have always
been participating and helping us out (mostly as a part of a shared goal
of build reprodicubility, as it is crucial for software supply chain
security). Personally, I was surprised to see your positive attitude for
reproducible builds on another project's (which is good to see it
mentioned!) vote but glossed over the in-toto bits as part of the
effort (I'm don't bleieve there are other CNCF projects listed here):
https://reproducible-builds.org/who/projects/
so we are wary to do major overhauls. We have adopted the attitude to
use the golang implementation to test out new features and then port
them back to the python one.
I can also say that we had various degrees of developer turnover once
the pandemic started...
have lagged a couple of times, I agree.
high fluctuation on it, depending on how features get approved, new
integrations pop up, etc. I wish I had a better answer to this.
moved to a monthly community meeting time where we discuss ITE status
and vote to increase velocity. We're starting to see a lot of
implementations (e.g., witness) that are bringing up new features. As
usual, we're in a tightrope between ensuring everybody is heard in terms
of feature additions (so as to not overlap), and allow people to play
with things to see what works.
or rephrase answers as needed.
Cheers!
-Santiago
[1] https://packages.debian.org/sid/x32/utils/apt-transport-in-toto
On Thu, Feb 17, 2022 at 09:00:52PM +0100, Richard Hartmann wrote:
+0 bindingI'm somewhat sad to read this reaction, considering we're an open source
Debian is not a company.
project that is *not* backed by a company (one of the few around here in
fact). Although there are other users/communities we work with, I wanted
to single out the long-standing work we've done with Debian dating back
to 2015.
search[1] nor Debian Maintainer search[2]. In a section below, DebianBeing a DD yourself, maybe you know Holger Levsen?
was removed and replaced with "New York University". Not a blocker,
but being a Debian Developer myself, I feel compelled to mention it.
Debian packages[3][4] for in-toto are from 2021-03-12, skipping 1.1.0,
1.1.1, and the recent 1.2.0 releases[5].
https://github.com/orgs/in-toto/people/h01ger
He's been coaching us in doing the packaging for the Debian ecosystem,
including a transport for APT[1]. Which I believe is also used by
QubesOS. It is also part of the reproducible builds project to check
cross-build reproducibility (see integration with rebuilderd).
https://reproducible.seal.purdue.wtf/
https://github.com/kpcyrd/rebuilderd
Naturally, it is hard for me to make a statement to what level Debian is
involved, without feeling like I'm putting words on people's mouths.
However, I do believe that members of the Debian community have always
been participating and helping us out (mostly as a part of a shared goal
of build reprodicubility, as it is crucial for software supply chain
security). Personally, I was surprised to see your positive attitude for
reproducible builds on another project's (which is good to see it
mentioned!) vote but glossed over the in-toto bits as part of the
effort (I'm don't bleieve there are other CNCF projects listed here):
https://reproducible-builds.org/who/projects/
Commit history graph[6] shows a distinct slowdown starting 2020. DoesIn a sense, yes, the Python implementation is being used in production,
this mean the project has reached/is approaching feature completeness?
so we are wary to do major overhauls. We have adopted the attitude to
use the golang implementation to test out new features and then port
them back to the python one.
I can also say that we had various degrees of developer turnover once
the pandemic started...
Is the "every 3 months release cadence" starting with 1.2.0?No, this has been a committment we've done and/or around version 1.0. We
have lagged a couple of times, I agree.
Recent PRs were largely janitorial and/or from bots[7]. Along similarThis is true, I'm not entirely in control on velocity. Overall, we get
lines, the three example PRs[8][9][10] are dated middle of last year.
... [snip]
I know from my own DDs that velocity can be deceiving, and that it can
also be compensated by extremely wide adoption.
high fluctuation on it, depending on how features get approved, new
integrations pop up, etc. I wish I had a better answer to this.
Is there a timeframe for Future Plans & ITEs[11]?Overall, yes. Not sure if you've seen the roadmap reviews. We have also
moved to a monthly community meeting time where we discuss ITE status
and vote to increase velocity. We're starting to see a lot of
implementations (e.g., witness) that are bringing up new features. As
usual, we're in a tightrope between ensuring everybody is heard in terms
of feature additions (so as to not overlap), and allow people to play
with things to see what works.
Yet, I do not currently get a strong feeling of high velocity nor of
very wide adoption. At the same time, I realize I am very late to the
game in this DD process. Having joined TOC just before a week of
illness makes me the late-comer with questions & vote. I explicitly
do not want to block anything with incomplete information.
As such, my current vote is +0 as per above. Depending on answers, II do appreciate your perspective. And I've be happy to answer questions
would be happy to switch to +1.
or rephrase answers as needed.
Cheers!
-Santiago
[1] https://packages.debian.org/sid/x32/utils/apt-transport-in-toto
On Thu, Feb 17, 2022 at 09:00:52PM +0100, Richard Hartmann wrote:
Richard Hartmann
+0 binding
Still getting up to speed for TOC, sorry. Some questions:
Debian is not a company. I couldn't find Lukas on Debian Developer
search[1] nor Debian Maintainer search[2]. In a section below, Debian
was removed and replaced with "New York University". Not a blocker,
but being a Debian Developer myself, I feel compelled to mention it.
Debian packages[3][4] for in-toto are from 2021-03-12, skipping 1.1.0,
1.1.1, and the recent 1.2.0 releases[5].
Commit history graph[6] shows a distinct slowdown starting 2020. Does
this mean the project has reached/is approaching feature completeness?
Is the "every 3 months release cadence" starting with 1.2.0?
Recent PRs were largely janitorial and/or from bots[7]. Along similar
lines, the three example PRs[8][9][10] are dated middle of last year.
Is there a timeframe for Future Plans & ITEs[11]?
I know from my own DDs that velocity can be deceiving, and that it can
also be compensated by extremely wide adoption. Yet, I do not
currently get a strong feeling of high velocity nor of very wide
adoption. At the same time, I realize I am very late to the game in
this DD process. Having joined TOC just before a week of illness makes
me the late-comer with questions & vote. I explicitly do not want to
block anything with incomplete information.
As such, my current vote is +0 as per above. Depending on answers, I
would be happy to switch to +1.
Best,
Richard
[1] https://db.debian.org/
[2] https://nm.debian.org/public/findperson/
[3] https://qa.debian.org/developer.php?login=lukas.puehringer%40nyu.edu
[4] https://tracker.debian.org/pkg/in-toto
[5] https://github.com/in-toto/in-toto/tags
[6] https://github.com/in-toto/in-toto/graphs/contributors
[7] https://github.com/in-toto/in-toto/pulls?q=is%3Apr
[8] https://github.com/in-toto/in-toto/pull/462
[9] https://github.com/in-toto/in-toto/pull/456
[10] https://github.com/in-toto/in-toto/pull/466
[11] https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit#heading=h.hdo9ytubuszq
Still getting up to speed for TOC, sorry. Some questions:
Debian is not a company. I couldn't find Lukas on Debian Developer
search[1] nor Debian Maintainer search[2]. In a section below, Debian
was removed and replaced with "New York University". Not a blocker,
but being a Debian Developer myself, I feel compelled to mention it.
Debian packages[3][4] for in-toto are from 2021-03-12, skipping 1.1.0,
1.1.1, and the recent 1.2.0 releases[5].
Commit history graph[6] shows a distinct slowdown starting 2020. Does
this mean the project has reached/is approaching feature completeness?
Is the "every 3 months release cadence" starting with 1.2.0?
Recent PRs were largely janitorial and/or from bots[7]. Along similar
lines, the three example PRs[8][9][10] are dated middle of last year.
Is there a timeframe for Future Plans & ITEs[11]?
I know from my own DDs that velocity can be deceiving, and that it can
also be compensated by extremely wide adoption. Yet, I do not
currently get a strong feeling of high velocity nor of very wide
adoption. At the same time, I realize I am very late to the game in
this DD process. Having joined TOC just before a week of illness makes
me the late-comer with questions & vote. I explicitly do not want to
block anything with incomplete information.
As such, my current vote is +0 as per above. Depending on answers, I
would be happy to switch to +1.
Best,
Richard
[1] https://db.debian.org/
[2] https://nm.debian.org/public/findperson/
[3] https://qa.debian.org/developer.php?login=lukas.puehringer%40nyu.edu
[4] https://tracker.debian.org/pkg/in-toto
[5] https://github.com/in-toto/in-toto/tags
[6] https://github.com/in-toto/in-toto/graphs/contributors
[7] https://github.com/in-toto/in-toto/pulls?q=is%3Apr
[8] https://github.com/in-toto/in-toto/pull/462
[9] https://github.com/in-toto/in-toto/pull/456
[10] https://github.com/in-toto/in-toto/pull/466
[11] https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit#heading=h.hdo9ytubuszq
Alena Prokharchyk
+1 binding
toggle quoted message
Show quoted text
-alena
On Feb 8, 2022, at 1:18 PM, Amye Scavarda Perrin <ascavarda@...> wrote:In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
Erin Boyd
+1 binding
On Tue, Feb 8, 2022 at 2:21 PM Amye Scavarda Perrin <ascavarda@...> wrote:
In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
+1 non-binding
toggle quoted message
Show quoted text
On Wed, Feb 09, 2022 at 11:30:35PM -0800, Jim Bugwadia via lists.cncf.io wrote:
+1 non-binding
On Wed, Feb 9, 2022 at 6:57 PM Yusuf Hadiwinata <yusuf@...> wrote:+1 NB
Best Regards,
Yusuf Hadiwinata Sutandar
VP - Operation & Services
PT. Biznet Gio Nusantara
GPG: 86C2DE58
<https://keyserver.ubuntu.com/pks/lookup?search=yusuf+hadiwinata&fingerprint=on&op=index>
+====================+
Hosting Paling Ekonomis!!
<https://www.biznetgio.com/en/news/hosting-ekonomis-untuk-bisnis>
+====================+
*Biznet Gio Compliance List:*
*PCI-DSS | SOC Type 2 | ISO 27001 | ISO 9001 | ISO 27701 | ISO 27017 | ISO
27018*
------------------------------
*From:* cncf-toc@... <cncf-toc@...> on behalf of
stevenlasker via lists.cncf.io <stevenlasker=hotmail.com@...>
*Sent:* Thursday, 10 February 2022 6:23
*To:* cncf-toc@... <cncf-toc@...>
*Subject:* Re: [cncf-toc] [VOTE] In-toto for incubating
+1 non-binding
The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s) and
may contain proprietary, confidential or privileged information. If you are
not the intended recipient, you should not disseminate, distribute or copy
this e-mail. Please notify the sender immediately and destroy all copies of
this message and any attachments.
Jim Bugwadia
+1 non-binding
On Wed, Feb 9, 2022 at 6:57 PM Yusuf Hadiwinata <yusuf@...> wrote:
+1 NB
Best Regards,
Yusuf Hadiwinata SutandarVP - Operation & Services
PT. Biznet Gio Nusantara
GPG: 86C2DE58+====================++====================+
Biznet Gio Compliance List:
PCI-DSS | SOC Type 2 | ISO 27001 | ISO 9001 | ISO 27701 | ISO 27017 | ISO 27018
From: cncf-toc@... <cncf-toc@...> on behalf of stevenlasker via lists.cncf.io <stevenlasker=hotmail.com@...>
Sent: Thursday, 10 February 2022 6:23
To: cncf-toc@... <cncf-toc@...>
Subject: Re: [cncf-toc] [VOTE] In-toto for incubating+1 non-bindingThe information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
Yusuf Hadiwinata
+1 NB
Best Regards,
Yusuf Hadiwinata Sutandar
Yusuf Hadiwinata Sutandar
VP - Operation & Services
PT. Biznet Gio Nusantara
PT. Biznet Gio Nusantara
GPG:
86C2DE58
+====================+
+====================+
Biznet Gio Compliance List:
PCI-DSS | SOC Type 2 | ISO 27001 | ISO 9001 | ISO 27701 | ISO 27017 | ISO 27018
From: cncf-toc@... <cncf-toc@...> on behalf of stevenlasker via lists.cncf.io <stevenlasker=hotmail.com@...>
Sent: Thursday, 10 February 2022 6:23
To: cncf-toc@... <cncf-toc@...>
Subject: Re: [cncf-toc] [VOTE] In-toto for incubating
Sent: Thursday, 10 February 2022 6:23
To: cncf-toc@... <cncf-toc@...>
Subject: Re: [cncf-toc] [VOTE] In-toto for incubating
+1 non-binding
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should
not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
Luke A Hinds <lhinds@...>
+1 NB!
On Tue, Feb 8, 2022 at 9:21 PM Amye Scavarda Perrin <ascavarda@...> wrote:
In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
Andrew Martin <andy@...>
+1 NB :D
On Tue, 8 Feb 2022 at 21:18, Amye Scavarda Perrin <ascavarda@...> wrote:
In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
Ricardo Aravena
+1 nb
On Tue, Feb 8, 2022 at 1:18 PM Amye Scavarda Perrin <ascavarda@...> wrote:
In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
Justin Cappos <jcappos@...>
+1 nb!!!
On Wed, Feb 9, 2022 at 5:00 PM Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> wrote:
+1 bindingOn Tue, Feb 8, 2022 at 9:18 PM Amye Scavarda Perrin <ascavarda@...> wrote:In-toto has applied to move from sandbox to incubating.
PR: https://github.com/cncf/toc/pull/393
Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentations
Justin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)
Please vote (+1/0/-1) by replying to this thread.
Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
+1 binding
On Wed, Feb 9, 2022 at 3:12 PM Matt Farina <matt@...> wrote:
+1 bindingOn Tue, Feb 8, 2022, at 4:18 PM, Amye Scavarda Perrin wrote:In-toto has applied to move from sandbox to incubating.Due Diligence: https://docs.google.com/document/d/1zoOdI_xygcY3Ta1LzTFfAjW8vhvR6lcAqQRlzYNo91k/edit with links to interviews, presentationsJustin Cormack is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/6513)Please vote (+1/0/-1) by replying to this thread.Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!--Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...
--
~Dave